Subj : This stealthy new malware can apparently avoid all antivirus scan
To   : All
From : TechnologyDaily
Date : Fri Apr 12 2024 14:15:05

This stealthy new malware can apparently avoid all antivirus scanners
Date: Fri, 12 Apr 2024 13:00:46 +0000
Description: Researchers found a new version of Raspberry Robin, capable of working around antivirus tools.

FULL STORY
======================================================================

Cybersecurity researchers have found a new version of the infamous Raspberry Robin malware, and this one is apparently very good at avoiding antivirus programs and other endpoint protection solutions.

Earlier this week, researchers from HP Wolf Security published a new report in which they claim to have observed a new Raspberry Robin campaign that started in March this year, The Hacker News reports. In this campaign, the attackers host a malicious, heavily obfuscated WSF (Windows Script File) file on various domains and subdomains. They then trick victims into navigating to these URLs by unknown means (most likely social engineering, phishing, or malvertising).

Hiding behind antivirus

If the WSF file is executed, it retrieves the main DLL, a payload that can be anything from SocGholish, Cobalt Strike, IcedID, BumbleBee, and TrueBot malware to ransomware, the publication says.

What makes this version of Raspberry Robin stand out, however, is the way it works around antivirus programs. Before downloading the main payload, it runs a series of anti-analysis and anti-virtual-machine checks to determine the type of environment it is being activated in. What's more, it won't execute on Windows versions older than December 2017, or if the list of running processes includes Avast, Avira, Bitdefender, Check Point, ESET, or Kaspersky. Finally, it is able to configure Microsoft Defender Antivirus exclusion rules to make sure it doesn't get picked up by the scanner.
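Because adding a Defender exclusion is itself a logged configuration change, a defender can alert on it. The following added example (not part of the news story or HP's report) parses constructed records in the shape of Microsoft-Windows-Windows Defender/Operational Event ID 5007 messages and flags additions to or removals from the Exclusions registry keys; the exact message wording and the sample entries are assumptions.

```python
import re

# An exclusion entry as it appears in Event 5007 "Old value"/"New value" text:
# HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\<Paths|Processes|Extensions>\<entry> = 0x0
_EXCL_RE = re.compile(
    r"HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
    r"(?P<kind>Paths|Processes|Extensions)\\(?P<entry>[^=\r\n]+?)\s*=\s*0x[0-9a-fA-F]+"
)

# Constructed sample records (event_id, message); wording is an assumption based on
# the documented 5007 layout. Real data should be exported from the host's event log.
SAMPLE_EVENTS = [
    (5007, "Windows Defender Antivirus Configuration has changed.\r\n"
           " Old value: \r\n"
           " New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\Users\\Public\\Libraries = 0x0"),
    (5007, "Windows Defender Antivirus Configuration has changed.\r\n"
           " Old value: \r\n"
           " New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Processes\\wscript.exe = 0x0"),
    (5007, "Windows Defender Antivirus Configuration has changed.\r\n"
           " Old value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Scan\\DisableArchiveScanning = 0x0\r\n"
           " New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Scan\\DisableArchiveScanning = 0x1"),
    (5007, "Windows Defender Antivirus Configuration has changed.\r\n"
           " Old value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Extensions\\wsf = 0x0\r\n"
           " New value: "),
    (1116, "Windows Defender Antivirus has detected malware or other potentially unwanted software."),
]


def find_exclusion_changes(events):
    """Return (action, kind, entry) for every Exclusions change found in Event 5007 records.

    An exclusion named under 'New value' was added; one named only under 'Old value'
    was removed. Other 5007 changes (scan settings etc.) are ignored by this rule.
    """
    findings = []
    for event_id, message in events:
        if event_id != 5007:
            continue
        old_part, _, new_part = message.partition("New value:")
        new = _EXCL_RE.search(new_part)
        old = _EXCL_RE.search(old_part)
        if new:
            findings.append(("added", new.group("kind"), new.group("entry").strip()))
        elif old:
            findings.append(("removed", old.group("kind"), old.group("entry").strip()))
    return findings


if __name__ == "__main__":
    for action, kind, entry in find_exclusion_changes(SAMPLE_EVENTS):
        print(f"ALERT Defender exclusion {action}: {kind} -> {entry}")
```

Any exclusion change that does not trace back to an approved change ticket is worth a closer look, especially one covering a user-writable path or a script host.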
"The scripts themselves are currently not classified as malicious by any anti-virus scanners on VirusTotal, demonstrating the evasiveness of the malware and the risk of it causing a serious infection with Raspberry Robin," HP said. "The WSF downloader is heavily obfuscated and uses many anti-analysis techniques enabling the malware to evade detection and slow down analysis."

Raspberry Robin was first discovered in September 2021 and is also known as the QNAP worm. Initially, it was distributed through malicious USB devices carrying a .LNK file pointing to the payload hosted on a compromised QNAP device.

======================================================================
Link to news story: https://www.techradar.com/pro/security/this-stealthy-new-malware-can-apparently-avoid-all-antivirus-scanners

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)